Cisco Backdoor Account & Other Critical Vulnerabilities

Hello,

Very recently Cisco announced 3 "critical risk" and numerous other "high risk" vulnerabilities. One
of those vulnerabilities affect IOS XE devices which come with a default pre-configured privileged account which if known could grant easy access to the device by an attacker. Some sources say that this made its way by mistake from testing environment and wasn't removed by the developers before publishing the IOS XE image.
Below is a comprehensive table listing the vulnerabilities alongside their risk level and CVE reference. The affected platforms includes ISR4000, ASR900, ASR1000, Catalyst 3650/3850, Routers 2900, etc...

Vulnerability	Risk	CVE
Cisco IOS XE Software Static Credential Vulnerability	Critical	CVE-2018-0150
Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability	Critical	CVE-2018-0151
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability	Critical	CVE-2018-0171
Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability	High	CVE-2018-0174
Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability	High	CVE-2018-0173
Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability	High	CVE-2018-0172
Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability	High	CVE-2018-0154
Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability	High	CVE-2018-0160
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability	High	CVE-2018-0159
Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability	High	CVE-2018-0170
Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities	High	CVE-2018-0167 CVE-2018-0175
Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities	High	CVE-2018-0169 CVE-2018-0176
Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability	High	CVE-2018-0165
Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability	High	CVE-2018-0155
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability	High	CVE-2018-0156
Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability	High	CVE-2018-0177
Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability	High	CVE-2018-0158
Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability	High	CVE-2018-0157
Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability	High	CVE-2018-0152
Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability	High	CVE-2018-0161

--
Elie Bassil
linkedin.com/in/eliebassil

Cisco Backdoor Account & Other Critical Vulnerabilities

33 comments